General

  • Target

    Purchase order.exe

  • Size

    1.2MB

  • Sample

    241104-rjzd7szpes

  • MD5

    ad3592992115ba079b714f0015e19885

  • SHA1

    37706ccab8bc97cf0912589a80e456da1f1eb61e

  • SHA256

    1238d57c43e9c243f486f1bce62eb357cbca88026d60ed5b4c52ff9dd0447369

  • SHA512

    fdff4978409f28e00c6742a7c921df589f1fc66d0a9607ed2deac13bba5855dcabeed1c7b66dcbb4424861a5e691ea87ff29500cdd2942e69e0fbe6400d025df

  • SSDEEP

    24576:nAHnh+eWsN3skA4RV1Hom2KXFmIai9tlBkTha+w7n5:ah+ZkldoPK1Xai/jkThm1

Score
6/10

Malware Config

Targets

    • Target

      Purchase order.exe

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks